Remove SecurityHeaders

We no longer need this since Spring Framework now provides
HttpHeaders.setBearerAuth

Issue: gh-5612

Author: rwinch

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserService.java

@@ -16,7 +16,6 @@
 
 package org.springframework.security.oauth2.client.userinfo;
 
-import static org.springframework.security.web.http.SecurityHeaders.bearerToken;
 
 import java.net.UnknownHostException;
 import java.util.HashSet;
@@ -114,7 +113,7 @@ public Mono<OAuth2User> loadUser(OAuth2UserRequest userRequest)
 				requestHeadersSpec = this.webClient.get()
 						.uri(userInfoUri)
 						.header(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE)
-						.headers(bearerToken(userRequest.getAccessToken().getTokenValue()));
+						.headers(headers -> headers.setBearerAuth(userRequest.getAccessToken().getTokenValue()));
 			}
 			Mono<Map<String, Object>> userAttributes = requestHeadersSpec
 					.retrieve()

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunction.java

@@ -48,7 +48,6 @@
 import java.util.function.Consumer;
 
 import static org.springframework.security.oauth2.core.web.reactive.function.OAuth2BodyExtractors.oauth2AccessTokenResponse;
-import static org.springframework.security.web.http.SecurityHeaders.bearerToken;
 
 /**
  * Provides an easy mechanism for using an {@link OAuth2AuthorizedClient} to make OAuth2 requests by including the
@@ -190,7 +189,7 @@ private boolean shouldRefresh(OAuth2AuthorizedClient authorizedClient) {
 
 	private ClientRequest bearer(ClientRequest request, OAuth2AuthorizedClient authorizedClient) {
 		return ClientRequest.from(request)
-					.headers(bearerToken(authorizedClient.getAccessToken().getTokenValue()))
+					.headers(headers -> headers.setBearerAuth(authorizedClient.getAccessToken().getTokenValue()))
 					.build();
 	}
 

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunction.java

@@ -56,7 +56,6 @@
 import java.util.function.Consumer;
 
 import static org.springframework.security.oauth2.core.web.reactive.function.OAuth2BodyExtractors.oauth2AccessTokenResponse;
-import static org.springframework.security.web.http.SecurityHeaders.bearerToken;
 
 /**
  * Provides an easy mechanism for using an {@link OAuth2AuthorizedClient} to make OAuth2 requests by including the
@@ -338,7 +337,7 @@ private boolean shouldRefresh(OAuth2AuthorizedClient authorizedClient) {
 
 	private ClientRequest bearer(ClientRequest request, OAuth2AuthorizedClient authorizedClient) {
 		return ClientRequest.from(request)
-					.headers(bearerToken(authorizedClient.getAccessToken().getTokenValue()))
+					.headers(headers -> headers.setBearerAuth(authorizedClient.getAccessToken().getTokenValue()))
 					.build();
 	}
 

samples/boot/oauth2resourceserver-webflux/src/test/java/sample/ServerOauth2ResourceApplicationTests.java

@@ -25,8 +25,6 @@
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 import org.springframework.test.web.reactive.server.WebTestClient;
 
-import static org.springframework.security.web.http.SecurityHeaders.bearerToken;
-
 /**
  * @author Rob Winch
  * @since 5.1
@@ -42,7 +40,7 @@ public class ServerOauth2ResourceApplicationTests {
 	public void getWhenValidTokenThenIsOk() {
 		String token = "eyJhbGciOiJSUzI1NiJ9.eyJzY29wZSI6Im1lc3NhZ2U6cmVhZCIsImV4cCI6MzEwNjMyODEzMSwianRpIjoiOGY5ZjFiYzItOWVlMi00NTJkLThhMGEtODg3YmE4YmViYjYzIn0.CM_KulSsIrNXW1x6NFeN5VwKQiIW-LIAScJzakRFDox8Ql7o4WOb0ubY3CjWYnglwqYzBvH9McCFqVrUtzdfODY5tyEEJSxWndIGExOi2osrwRPsY3AGzNa23GMfC9I03BFP1IFCq4ZfL-L6yVcIjLke-rA40UG-r-oA7r-N_zsLc5poO7Azf29IQgQF0GSRp4AKQprYHF5Q-Nz9XkILMDz9CwPQ9cbdLCC9smvaGmEAjMUr-C1QgM-_ulb42gWtRDLorW_eArg8g-fmIP0_w82eNWCBjLTy-WaDMACnDVrrUVsUMCqx6jS6h8_uejKly2NFuhyueIHZTTySqCZoTA";
 		this.rest.get().uri("/")
-				.headers(bearerToken(token))
+				.headers(headers -> headers.setBearerAuth(token))
 				.exchange()
 				.expectStatus().isOk()
 				.expectBody(String.class).isEqualTo("Hello, null!");
@@ -60,7 +58,7 @@ public void getWhenNoTokenThenIsUnauthorized() {
 	public void getWhenNone() {
 		String token = "ew0KICAiYWxnIjogIm5vbmUiLA0KICAidHlwIjogIkpXVCINCn0.ew0KICAic3ViIjogIjEyMzQ1Njc4OTAiLA0KICAibmFtZSI6ICJKb2huIERvZSIsDQogICJpYXQiOiAxNTE2MjM5MDIyDQp9.";
 		this.rest.get().uri("/")
-				.headers(bearerToken(token))
+				.headers(headers -> headers.setBearerAuth(token))
 				.exchange()
 				.expectStatus().isUnauthorized()
 				.expectHeader().valueEquals(HttpHeaders.WWW_AUTHENTICATE, "Bearer error=\"invalid_token\", error_description=\"Unsupported algorithm of none\", error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\"");
@@ -70,7 +68,7 @@ public void getWhenNone() {
 	public void getWhenInvalidToken() {
 		String token = "a";
 		this.rest.get().uri("/")
-				.headers(bearerToken(token))
+				.headers(headers -> headers.setBearerAuth(token))
 				.exchange()
 				.expectStatus().isUnauthorized()
 				.expectHeader().valueEquals(HttpHeaders.WWW_AUTHENTICATE, "Bearer error=\"invalid_token\", error_description=\"An error occurred while attempting to decode the Jwt: Invalid JWT serialization: Missing dot delimiter(s)\", error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\"");